Methods and techniques are known for digital authentication, which includes use of a Public Key Infrastructure for encryption, decryption and authentication. For authorization of sensitive tasks, or requests for access to sensitive materials, granting access requires consideration of authenticating the identity of the requestor and confirmation of the authority of the requestor to have access to the requested resource or to perform a requested task. It may be necessary to have additional authorizing entities concur with authorizing access. A known example of this is the two-key system required to access the contents of a safety deposit box in bank vaults. Other scenarios may include authentication to access a restricted database, access to sensitive or secure documents, or initiating or discontinuing a program or event that is under control of a computing device.
Access to a resource may require authorization from a source in a specified location, or may require the authorizing entity to be at a specified location. This may be to ensure that the requested information would be received at a known and protected environment, or to ensure that the resource is not requested under threat or intimidation.
Existing solutions to scenarios such as those mentioned above present significant security exposure if the specified location information is discovered, or if dedicated hardware is compromised. Depending upon a specified location as a component of authorization can greatly limit the flexibility of secure authorization implementations, as most future needs cannot be foreseen.